Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/H4AOQ_9rDMaAPWR6BsCpG1osG28.roa
File:                     H4AOQ_9rDMaAPWR6BsCpG1osG28.roa (raw, json)
Hash identifier:          k3sCIgT9KzYVNHBfPE7SKe4qhc/sjoUP9OEoEIjIOk0=
Subject key identifier:   1F:80:0E:43:FF:6B:0C:C6:80:3D:64:7A:06:C0:A9:1B:5A:2C:1B:6F
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018CC3B736D05FCD7BF9FDC151B07D7A90BE
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/H4AOQ_9rDMaAPWR6BsCpG1osG28.roa
Signing time:             Mon 01 Jan 2024 06:30:13 +0000
ROA not before:           Mon 01 Jan 2024 06:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     37173
IP address blocks:        193.251.153.0/24 maxlen: 24
                          193.251.218.0/23 maxlen: 24
                          193.251.222.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:36:d0:5f:cd:7b:f9:fd:c1:51:b0:7d:7a:90:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 06:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f800e43ff6b0cc6803d647a06c0a91b5a2c1b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6d:eb:f4:16:62:fd:45:61:d4:76:75:46:03:
                    f5:a4:68:1f:fe:4a:44:f9:7c:b0:3d:70:4d:67:e2:
                    5f:e1:b4:e8:40:d8:59:22:75:17:11:19:70:53:d7:
                    17:50:dc:b3:16:9b:94:bc:71:34:76:f3:19:29:b5:
                    4d:1c:69:a2:dc:a4:64:1a:4f:bb:8e:5a:4f:50:47:
                    e5:bc:eb:96:fd:2c:00:da:5c:4c:5c:48:d4:30:7a:
                    e9:c3:fb:d9:2b:ca:03:dc:6a:eb:68:d2:5a:b4:fd:
                    7f:6a:d2:f0:d3:09:dc:46:ad:24:09:47:f0:bd:c5:
                    5f:4c:a2:99:bb:a7:ad:ff:35:b9:bd:59:b8:2e:82:
                    0f:6b:7c:3a:50:31:70:a3:b2:03:42:aa:a0:9a:d0:
                    b0:ae:8f:de:6d:bb:fe:22:57:d5:4d:50:2f:83:20:
                    ab:57:e8:f9:27:15:bd:13:23:3b:d9:ff:65:92:51:
                    79:a1:42:d6:40:d6:e1:62:d2:85:58:93:a8:e7:88:
                    69:74:4a:a0:5e:5d:97:7b:7a:43:96:6d:04:2e:b3:
                    16:18:44:fe:fc:05:77:38:e2:20:fd:35:2d:3e:8c:
                    2d:db:40:b1:14:a0:c5:3f:94:9d:a1:11:b8:a6:f7:
                    e0:e1:af:53:4a:ec:69:23:f4:6c:de:84:64:3f:1c:
                    25:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:80:0E:43:FF:6B:0C:C6:80:3D:64:7A:06:C0:A9:1B:5A:2C:1B:6F
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/H4AOQ_9rDMaAPWR6BsCpG1osG28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.251.153.0/24
                  193.251.218.0/23
                  193.251.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         98:b7:22:99:ca:de:b8:02:e2:c6:4b:cb:6e:dd:3d:4d:32:9c:
         de:5b:12:14:4b:0b:aa:4b:e0:c0:b1:fe:5f:ce:fd:8d:01:4b:
         36:72:6a:f4:db:56:b8:9b:22:52:f3:c0:23:d3:40:a2:24:44:
         36:af:48:c2:9b:41:4f:88:7a:45:ae:a8:9e:40:a3:e6:22:b7:
         bd:72:d5:9f:60:6d:58:49:8a:bb:91:49:fc:6e:73:a3:42:a9:
         4e:e5:3c:45:13:1a:97:2b:84:b8:c8:67:2d:3c:82:0c:9a:ba:
         dd:bd:5d:95:a4:c5:27:ce:cd:20:3e:31:3a:7e:ab:08:be:94:
         c9:02:d3:fe:92:12:74:b0:c0:e1:1b:2e:c1:54:b2:dd:69:b7:
         2d:7e:4a:99:e1:82:29:8e:a2:fe:09:63:cc:ce:86:5e:3a:ea:
         7e:42:ac:44:bc:38:67:01:a1:9d:54:86:ca:ac:70:ab:fd:16:
         43:23:14:20:cc:f5:61:c4:d3:72:0f:31:ed:c4:b3:25:36:08:
         00:a8:ef:d7:70:8d:6a:50:d9:9f:b5:d5:1e:9a:51:17:8f:9a:
         d6:6b:17:93:1e:90:ae:84:b8:9b:9d:10:c9:cf:63:bb:99:d7:
         61:71:ae:8e:46:8f:91:1b:c4:db:35:de:d2:56:6b:8f:81:13:
         20:72:37:1a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzDtzbQX817+f3BUbB9epC+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMTAxMDYzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgwMGU0M2ZmNmIwY2M2ODAzZDY0N2EwNmMwYTkxYjVhMmMxYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmm3r9BZi/UVh1HZ1RgP1pGgf/kpE
+XywPXBNZ+Jf4bToQNhZInUXERlwU9cXUNyzFpuUvHE0dvMZKbVNHGmi3KRkGk+7
jlpPUEflvOuW/SwA2lxMXEjUMHrpw/vZK8oD3GrraNJatP1/atLw0wncRq0kCUfw
vcVfTKKZu6et/zW5vVm4LoIPa3w6UDFwo7IDQqqgmtCwro/ebbv+IlfVTVAvgyCr
V+j5JxW9EyM72f9lklF5oULWQNbhYtKFWJOo54hpdEqgXl2Xe3pDlm0ELrMWGET+
/AV3OOIg/TUtPowt20CxFKDFP5SdoRG4pvfg4a9TSuxpI/Rs3oRkPxwlTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB+ADkP/awzGgD1kegbAqRtaLBtvMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvSDRBT1FfOXJETWFBUFdSNkJzQ3BHMW9zRzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAwfuZAwQB
wfvaAwQBwfveMA0GCSqGSIb3DQEBCwUAA4IBAQCYtyKZyt64AuLGS8tu3T1NMpze
WxIUSwuqS+DAsf5fzv2NAUs2cmr021a4myJS88Aj00CiJEQ2r0jCm0FPiHpFrqie
QKPmIre9ctWfYG1YSYq7kUn8bnOjQqlO5TxFExqXK4S4yGctPIIMmrrdvV2VpMUn
zs0gPjE6fqsIvpTJAtP+khJ0sMDhGy7BVLLdabctfkqZ4YIpjqL+CWPMzoZeOup+
QqxEvDhnAaGdVIbKrHCr/RZDIxQgzPVhxNNyDzHtxLMlNggAqO/XcI1qUNmftdUe
mlEXj5rWaxeTHpCuhLibnRDJz2O7mddhca6ORo+RG8TbNd7SVmuPgRMgcjca
-----END CERTIFICATE-----